Description
If you're using Splunk, you have the option to integrate it with ConcealBrowse. This allows metrics and data collected by Conceal to be transferred seamlessly into Splunk. This article will guide you through integrating Splunk with ConcealBrowse.
Applies to
- Splunk
Procedure
**Before you begin:** You will need to have Splunk configured for ConcealBrowse. If you need assistance, please refer to the article for Splunk Configuration.
There are two parameters you need to set in the Conceal plugin settings: HTTP Event Collector URL & API Key.
HTTP Event Collector URL is in the format <protocol>://<host>:<port>/<endpoint>
To break this down:
- <protocol> is either http or https
- <host> is the Splunk instance that runs HTTP Event Collector (HEC)
- <port> is the HEC port number, which is 8088 by default, but you can change it in the HEC Global Settings
- <endpoint> is the HEC endpoint we want to use. In Conceal integration cases, we use the /services/collector/event endpoint for JavaScript Object Notation (JSON)-formatted events
- A sample for Splunk Cloud with default settings might look like:
https://<Splunk Host>.splunkcloud.com:8088/services/collector/event
To retrieve your API Key in your Splunk instance:
- Click Settings > Data Inputs.
- Click HTTP Event Collector.
- The API Key is the token value displayed in that table next to the corresponding HEC name.
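Before entering these values in the Conceal dashboard, you can confirm that the URL matches the format described above and that Splunk accepts the token. The following is an added example, not code from Conceal or Splunk; the function names and the sample host are assumptions, and it treats plain http as a problem because the API key would travel unencrypted.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

HEC_EVENT_ENDPOINT = "/services/collector/event"  # endpoint named in this article


def check_hec_url(url):
    """Return a list of problems with a HEC URL; an empty list means it looks right."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        problems.append("protocol must be http or https")
    elif parts.scheme == "http":
        problems.append("http sends the API key and events unencrypted")
    if not parts.hostname:
        problems.append("host is missing")
    try:
        if parts.port is None:
            problems.append("port is missing (HEC default is 8088)")
    except ValueError:  # raised by urlsplit for a non-numeric or out-of-range port
        problems.append("port is not a valid number")
    if parts.path.rstrip("/") != HEC_EVENT_ENDPOINT:
        problems.append("endpoint should be " + HEC_EVENT_ENDPOINT)
    if parts.query or parts.fragment or parts.username:
        problems.append("URL should not carry credentials, a query or a fragment")
    return problems


def build_test_request(url, api_key, event):
    """Build (but do not send) the HEC POST for one JSON event."""
    body = json.dumps({"event": event}).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": "Splunk " + api_key,  # HEC token auth scheme
                 "Content-Type": "application/json"})


def send_test_event(url, api_key, event="ConcealBrowse HEC connectivity test"):
    """Send one event with certificate verification on; returns Splunk's JSON reply."""
    problems = check_hec_url(url)
    if problems:
        raise ValueError("; ".join(problems))
    ctx = ssl.create_default_context()  # verifies the certificate chain and hostname
    with urllib.request.urlopen(build_test_request(url, api_key, event),
                                context=ctx, timeout=10) as resp:
        return json.loads(resp.read())
```

A working setup returns Splunk's `{"text": "Success", "code": 0}` reply from `send_test_event`; a rejected token or an untrusted certificate raises an exception instead.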
Entering Splunk data into your Conceal Dashboard
- In a web browser, navigate to https://dashboard.conceal.io and log in if necessary.
- Click on the section labeled Plugins in the left-hand menu.
- Scroll down and, in the PostProcess section, locate the Splunk tile and click the button labeled Configure.
- This will bring up the form where you will need to enter the HTTP Event Collector URL & API Key retrieved in previous steps. Enter the HTTP Event Collector URL in the first field. For privacy purposes this has been blurred out.
- Enter the Splunk HTTP Event Collector API Key in the second field.
- Click to fill the checkbox for Enabled.
- If you are using a Splunk Cloud trial account and haven’t installed an SSL certificate, you will need to select the Splunk Cloud Trial option. It allows ConcealBrowse to connect to your Splunk instance without SSL verification, which decreases security, but can be useful for evaluating the plugin on a trial Splunk account.
- Click the Close button and you now have Splunk integrated with ConcealBrowse! You do not have to do anything else as a user; the integration is complete and the data is sent over automatically.
*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.